From 5a42acf51c5358edb0be7353605a45b2bd7900b5 Mon Sep 17 00:00:00 2001 From: Pavel Kulik Date: Fri, 15 Nov 2024 09:16:43 -0800 Subject: [PATCH] Update workflows --- .github/workflows/linux.yml | 22 +++++++--- .github/workflows/mac.yml | 83 ++++++++++++++++++++++++++++++++--- .github/workflows/windows.yml | 41 ++++++++++------- 3 files changed, 120 insertions(+), 26 deletions(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 9e7e11d..0d436d0 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -10,15 +10,27 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - os: [ubuntu-18.04] + os: [ubuntu-20.04] steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: set env vars + run: | + if [ ${{github.ref_name}} == 'juce8' ]; then + echo "GUI_BRANCH=development-juce8" >> "$GITHUB_ENV" + elif [ ${{github.ref_name}} == 'testing-juce8' ]; then + echo "GUI_BRANCH=testing-juce8" >> "$GITHUB_ENV" + else + echo "Invalid branch : ${{github.ref_name}}" + exit 1 + fi - name: setup run: | sudo apt update cd ../.. - git clone https://github.com/open-ephys/plugin-GUI.git --branch main + git clone https://github.com/open-ephys/plugin-GUI.git --branch $GUI_BRANCH sudo ./plugin-GUI/Resources/Scripts/install_linux_dependencies.sh cd plugin-GUI/Build && cmake -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release .. - name: build 
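Review bot: The new `set env vars` step expands `${{github.ref_name}}` straight into the script text, so the branch name is substituted before bash parses the script and a ref name containing shell metacharacters would be interpreted as code rather than compared as data; the `[ … == … ]` tests are also unquoted. Pass the value through the environment instead: add `env:` with `REF_NAME: ${{ github.ref_name }}` to the step, test `[ "$REF_NAME" = 'juce8' ]` (and likewise for `testing-juce8` and the error message), and quote `"$GUI_BRANCH"` in the `git clone` line. The same step is added in the mac.yml and windows.yml hunks and needs the same change. The workflow's `on:` triggers are outside this hunk, so which refs can reach this step is not visible here.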
@@ -29,14 +41,14 @@ jobs: # - name: test # run: cd build && ctest - name: deploy - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/testing-juce8' env: artifactoryApiKey: ${{ secrets.artifactoryApiKey }} build_dir: "Build" package: EventBroadcaster-linux run: | plugin_api=$(grep -rnw ../../plugin-GUI/Source -e '#define PLUGIN_API_VER' | grep -Eo "[0-9]*" | tail -1) - tag=$(git describe --tags $(git rev-list --tags --max-count=1)) + tag=$(grep -w Source/OpenEphysLib.cpp -e 'info->libVersion' | grep -Eo "[0-9]+.[0-9]+.[0-9]+") new_plugin_ver=$tag-API$plugin_api mkdir plugins cp -r $build_dir/*.so plugins diff --git a/.github/workflows/mac.yml b/.github/workflows/mac.yml index eca77d8..3f460c3 100644 --- a/.github/workflows/mac.yml +++ b/.github/workflows/mac.yml @@ -13,11 +13,26 @@ jobs: os: [macos-latest] steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: set env vars + run: | + if [ ${{github.ref_name}} == 'juce8' ]; then + echo "GUI_BRANCH=development-juce8" >> "$GITHUB_ENV" + elif [ ${{github.ref_name}} == 'testing-juce8' ]; then + echo "GUI_BRANCH=testing-juce8" >> "$GITHUB_ENV" + else + echo "Invalid branch : ${{github.ref_name}}" + exit 1 + fi + - uses: maxim-lobanov/setup-xcode@v1 + with: + xcode-version: latest-stable - name: setup run: | cd ../.. - git clone https://github.com/open-ephys/plugin-GUI.git --branch main + git clone https://github.com/open-ephys/plugin-GUI.git --branch $GUI_BRANCH cd plugin-GUI/Build && cmake -G "Xcode" .. - name: build run: | 
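Review bot: The new `tag=` line in the deploy step reads the version from `Source/OpenEphysLib.cpp` with `grep -Eo "[0-9]+.[0-9]+.[0-9]+"`, where the unescaped dots match any character and nothing limits the result to one match or checks that it is non-empty, so an unexpected line in that file gives a malformed or empty `$tag` and the package is still uploaded under that name. I would escape the dots and take a single match, `grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1`, and stop the step when nothing was found, `[ -n "$tag" ] || { echo "version not found"; exit 1; }`. The same line is added to the deploy steps in mac.yml and windows.yml. The deploy step's `run:` body continues past the end of this hunk.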
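Review bot: `maxim-lobanov/setup-xcode@v1` is a third-party action referenced by a movable tag, and it runs in the same job whose deploy step later signs and notarizes the bundle, so whatever that tag points to at run time can influence the toolchain that produces the signed artifact. Pin it to a full commit SHA with the release noted in a comment, e.g. `uses: maxim-lobanov/setup-xcode@<full-commit-sha>  # v1`. A fixed `xcode-version` instead of `latest-stable` would also keep the signed build reproducible from run to run.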
@@ -27,19 +42,75 @@ jobs: # - name: test # run: cd build && ctest - name: deploy - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/testing-juce8' env: artifactoryApiKey: ${{ secrets.artifactoryApiKey }} + MACOS_CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} + MACOS_CERTIFICATE_PWD: ${{ secrets.BUILD_CERTIFICATE_PWD }} + MACOS_CERTIFICATE_NAME: ${{ secrets.BUILD_CERTIFICATE_NAME }} + MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }} + PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }} + PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }} + PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }} build_dir: "Build/Release" package: EventBroadcaster-mac run: | plugin_api=$(grep -rnw ../../plugin-GUI/Source -e '#define PLUGIN_API_VER' | grep -Eo "[0-9]" | tail -1) - tag=$(git describe --tags $(git rev-list --tags --max-count=1)) + tag=$(grep -w Source/OpenEphysLib.cpp -e 'info->libVersion' | grep -Eo "[0-9]+.[0-9]+.[0-9]+") new_plugin_ver=$tag-API$plugin_api + mkdir plugins cp -r $build_dir/*.bundle plugins - mkdir shared + + mkdir shared cp -r libs/macos/bin/* shared + + # Turn our base64-encoded certificate back to a regular .p12 file + echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 + + # We need to create a new keychain, otherwise using the certificate will prompt + # with a UI dialog asking for the certificate password, which we can't + # use in a headless CI environment + security create-keychain -p $MACOS_CI_KEYCHAIN_PWD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $MACOS_CI_KEYCHAIN_PWD build.keychain + security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_CI_KEYCHAIN_PWD build.keychain + /usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" -v 
plugins/event-broadcaster.bundle --deep --strict --timestamp --options=runtime + /usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" -v shared/libzmq.5.dylib --deep --strict --timestamp --options=runtime + + /usr/bin/codesign -dv --verbose=4 plugins/event-broadcaster.bundle + + # Store the notarization credentials so that we can prevent a UI password dialog from blocking the CI + + echo "Create keychain profile" + xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD" + + # We can't notarize an app bundle directly, but we need to compress it as an archive. + # Therefore, we create a zip file containing our app bundle, so that we can send it to the + # notarization service + + echo "Creating temp notarization archive" + /usr/bin/ditto -c -k --sequesterRsrc --keepParent plugins/event-broadcaster.bundle event-broadcaster.zip + + # Here we send the notarization request to the Apple's Notarization service, waiting for the result. + # This typically takes a few seconds inside a CI environment, but it might take more depending on the App + # characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if + # you're curious + + echo "Notarize app" + xcrun notarytool submit "event-broadcaster.zip" --keychain-profile "notarytool-profile" --wait + + # Finally, we need to "attach the staple" to our executable, which will allow our app to be + # validated by macOS even when an internet connection is not available. 
+ echo "Attach staple" + rm -r plugins/* + /usr/bin/ditto -x -k event-broadcaster.zip plugins + xcrun stapler staple plugins/event-broadcaster.bundle + + spctl -vvv --assess --type exec plugins/event-broadcaster.bundle + zipfile=${package}_${new_plugin_ver}.zip - zip -r -X $zipfile plugins shared + /usr/bin/ditto -c -k --sequesterRsrc --keepParent plugins $zipfile + /usr/bin/ditto -c -k --sequesterRsrc --keepParent shared $zipfile curl -H "X-JFrog-Art-Api:$artifactoryApiKey" -T $zipfile "https://openephys.jfrog.io/artifactory/EventBroadcaster-plugin/mac/$zipfile" \ No newline at end of file diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index f1b4618..32f8e7b 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml 
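Review bot: The signing material in the new deploy script is handled loosely: `certificate.p12` is decoded into the checkout directory and never removed, `build.keychain` is never deleted, and `$MACOS_CERTIFICATE`, `$MACOS_CI_KEYCHAIN_PWD` and `$MACOS_CERTIFICATE_PWD` are expanded unquoted, so a value containing whitespace or glob characters is split before `security` receives it. On a hosted `macos-latest` runner the VM is discarded, but if this job ever ran on a self-hosted runner the certificate and keychain would persist for later jobs; I would write the .p12 under `$RUNNER_TEMP`, quote every secret and clean up on exit as sketched below. Separately, the two final `ditto -c -k` calls write to the same `$zipfile`; as far as I know `ditto -c` creates the archive rather than appending to it, so the upload would contain only `shared` and not the signed bundle. That is worth confirming, and both directories should then be packaged in one archive.

```yaml
        run: |
          # … unchanged: version lookup, plugins/ and shared/ staging …
          cert_path="$RUNNER_TEMP/certificate.p12"
          # Remove the decoded certificate and the temporary keychain however the step ends
          trap 'rm -f "$cert_path"; security delete-keychain build.keychain || true' EXIT
          echo "$MACOS_CERTIFICATE" | base64 --decode > "$cert_path"
          security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
          security import "$cert_path" -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
          # … unchanged: codesign, notarytool, stapler, spctl, packaging, upload …
```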
@@ -10,47 +10,58 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - os: [windows-2019] + os: [windows-latest] steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: set env vars + run: | + if [ ${{github.ref_name}} == 'juce8' ]; then + echo "GUI_BRANCH=development-juce8" >> "$GITHUB_ENV" + echo "GUI_LIB_VERSION=v1.0.0-dev" >> "$GITHUB_ENV" + elif [ ${{github.ref_name}} == 'testing-juce8' ]; then + echo "GUI_BRANCH=testing-juce8" >> "$GITHUB_ENV" + echo "GUI_LIB_VERSION=v1.0.0-alpha" >> "$GITHUB_ENV" + else + echo "Invalid branch : ${{github.ref_name}}" + exit 1 + fi + shell: bash - name: setup - env: - repo: open-ephys-gui - package: "open-ephys-lib" run: | cd ../.. - git clone https://github.com/open-ephys/plugin-GUI.git --branch main + git clone https://github.com/open-ephys/plugin-GUI.git --branch $GUI_BRANCH cd plugin-GUI/Build - cmake -G "Visual Studio 16 2019" -A x64 .. + cmake -G "Visual Studio 17 2022" -A x64 .. mkdir Release && cd Release - curl -L https://openephysgui.jfrog.io/artifactory/Libraries/open-ephys-lib-v0.6.0.zip --output open-ephys-lib.zip + curl -L https://openephysgui.jfrog.io/artifactory/Libraries/open-ephys-lib-$GUI_LIB_VERSION.zip --output open-ephys-lib.zip unzip open-ephys-lib.zip shell: bash - name: configure run: | cd Build - cmake -G "Visual Studio 16 2019" -A x64 .. + cmake -G "Visual Studio 17 2022" -A x64 .. shell: bash - name: Add msbuild to PATH - uses: microsoft/setup-msbuild@v1.0.2 - - name: build-plugin + uses: microsoft/setup-msbuild@v2 + - name: build run: | - cd Build - msbuild INSTALL.vcxproj -p:Configuration=Release -p:Platform=x64 + msbuild Build/INSTALL.vcxproj -p:Configuration=Release -p:Platform=x64 shell: cmd # TODO: Perform some basic testing before publishing... 
# - name: test # run: cd build && ctest - name: deploy - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/testing-juce8' env: artifactoryApiKey: ${{ secrets.artifactoryApiKey }} build_dir: "Build/Release" package: EventBroadcaster-windows run: | plugin_api=$(grep -rnw ../../plugin-GUI/Source -e '#define PLUGIN_API_VER' | grep -Eo "[0-9]*" | tail -1) - tag=$(git describe --tags $(git rev-list --tags --max-count=1)) + tag=$(grep -w Source/OpenEphysLib.cpp -e 'info->libVersion' | grep -Eo "[0-9]+.[0-9]+.[0-9]+") new_plugin_ver=$tag-API$plugin_api mkdir plugins cp $build_dir/*.dll plugins
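Review bot: The `setup` step downloads `open-ephys-lib-$GUI_LIB_VERSION.zip` with `curl -L` and unzips it into the build tree without checking what was received, so the library the released DLL is linked against is trusted on the strength of the URL alone, and an HTTP error page would be saved as the zip. Add `--fail` to the curl call and verify a pinned digest before `unzip`, e.g. `echo "<expected-sha256>  open-ephys-lib.zip" | sha256sum -c -`, with the expected digest for each `GUI_LIB_VERSION` set next to it in the `set env vars` step. If the `-dev` and `-alpha` archives are republished under the same name, the digest has to be updated with them. Also, `os: [windows-latest]` is now paired with the fixed generator `Visual Studio 17 2022`, which will stop matching once the runner image moves to a newer Visual Studio; `windows-2022` would keep the two in step.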